Skip to content

Commit 4238b9b

Browse files
literalplusliteralplus
committed
Fix MathJax CSP issues
1 parent 080436a commit 4238b9b

5 files changed

Lines changed: 18 additions & 16 deletions

File tree

app.js

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -118,22 +118,22 @@ app.use((req, res, next) => {
118118
// https://helmetjs.github.io/docs/csp/
119119
if (config.csp.enable) {
120120
var cdnDirectives = {
121-
scriptSrc: ["https://cdnjs.cloudflare.com"],
122-
styleSrc: ["https://cdnjs.cloudflare.com", "https://fonts.googleapis.com"],
123-
fontSrc: ["https://cdnjs.cloudflare.com", "https://fonts.gstatic.com"]
121+
scriptSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.mathjax.org'],
122+
styleSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.googleapis.com'],
123+
fontSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.gstatic.com']
124124
}
125125
var directives = {}
126126
for (var propertyName in config.csp.directives) {
127-
if(config.csp.directives.hasOwnProperty(propertyName)) {
127+
if (config.csp.directives.hasOwnProperty(propertyName)) {
128128
var directive = config.csp.directives[propertyName]
129129
if (config.usecdn && !!cdnDirectives[propertyName]) {
130130
directive = directive.concat(cdnDirectives[propertyName])
131131
}
132-
directives[propertyName] = directive;
132+
directives[propertyName] = directive
133133
}
134134
}
135135
directives.scriptSrc.push(function (req, res) { return "'nonce-" + res.locals.nonce + "'" })
136-
if(config.csp.upgradeInsecureRequests === 'auto') {
136+
if (config.csp.upgradeInsecureRequests === 'auto') {
137137
directives.upgradeInsecureRequests = config.usessl === 'true'
138138
} else {
139139
directives.upgradeInsecureRequests = config.csp.upgradeInsecureRequests === 'true'
@@ -142,7 +142,7 @@ if (config.csp.enable) {
142142
directives: directives
143143
}))
144144
} else {
145-
logger.info('Content-Security-Policy is disabled. This may be a security risk.');
145+
logger.info('Content-Security-Policy is disabled. This may be a security risk.')
146146
}
147147

148148
i18n.configure({

public/js/mathjax-config-extra.js

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
var MathJax = {
2+
messageStyle: 'none',
3+
skipStartupTypeset: true,
4+
tex2jax: {
5+
inlineMath: [['$', '$'], ['\\(', '\\)']],
6+
processEscapes: true
7+
}
8+
}

public/views/hackmd/foot.ejs

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,4 @@
1-
<script type="text/x-mathjax-config">
2-
MathJax.Hub.Config({ messageStyle: "none", skipStartupTypeset: true ,tex2jax: {inlineMath: [['$','$'], ['\\(','\\)']], processEscapes: true }});
3-
</script>
1+
<script src="<%= url %>/js/mathjax-config-extra.js"></script>
42
<% if(useCDN) { %>
53
<script src="https://cdnjs.cloudflare.com/ajax/libs/spin.js/2.3.2/spin.min.js" integrity="sha256-PieqE0QdEDMppwXrTzSZQr6tWFX3W5KkyRVyF1zN3eg=" crossorigin="anonymous" defer></script>
64
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>

public/views/pretty.ejs

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -72,9 +72,7 @@
7272
</body>
7373

7474
</html>
75-
<script type="text/x-mathjax-config">
76-
MathJax.Hub.Config({ messageStyle: "none", skipStartupTypeset: true ,tex2jax: {inlineMath: [['$','$'], ['\\(','\\)']], processEscapes: true }});
77-
</script>
75+
<script src="<%= url %>/js/mathjax-config-extra.js"></script>
7876
<% if(useCDN) { %>
7977
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
8078
<script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script>

public/views/slide.ejs

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -89,9 +89,7 @@
8989
</div>
9090
</div>
9191

92-
<script type="text/x-mathjax-config">
93-
MathJax.Hub.Config({ messageStyle: "none", skipStartupTypeset: true ,tex2jax: {inlineMath: [['$','$'], ['\\(','\\)']], processEscapes: true }});
94-
</script>
92+
<script src="<%= url %>/js/mathjax-config-extra.js"></script>
9593
<% if(useCDN) { %>
9694
<script src="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.3.0/lib/js/head.min.js" integrity="sha256-+09kLhwACKXFPDvqo4xMMvi4+uXFsRZ2uYGbeN1U8sI=" crossorigin="anonymous"></script>
9795
<script src="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.3.0/js/reveal.min.js" integrity="sha256-lvaInSKflJWLPqf5N5oHr/UZFwXKD6gckerdwoHqECY=" crossorigin="anonymous"></script>

0 commit comments

Comments
 (0)